Add references to related `url` functions in punycode.md. These provide
guidance to users who may be investigating the punycode module for URL
encoding.
PR-URL: https://github.com/nodejs/node/pull/36761
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fixes: https://github.com/nodejs/node/issues/32750
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36786
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36679
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
Reviewed-By: Pooja D P <Pooja.D.P@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Per rvagg:
```
Persistent failure, even after restarts of the whole cluster. #36478 was
merged into this test yesterday but the parent commit still has the
failures.
What has changed is the Docker version. They all got an upgrade to
5:20.10.2~3-0~raspbian-buster and this is all running inside containers.
It's going to be the newest version of Docker running in our CI and I
wonder whether we're going to see similar failures when we upgrade other
hosts or if this is going to be restricted to ARM.
Other than that, I'm not sure what this could be. It seems like a
straightforward test that shouldn't fail, maybe Docker has introduced
something new for unprivileged port binding inside containers?
```
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36850
Refs: https://github.com/nodejs/node/issues/36847
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
* Use present tense.
* Remove "persistently" which suggests that the cache persists across
Node.js runs.
* Remove "pre-emptively". I think "proactively" is what was meant as
nothing is being pre-empted here. Regardless of what the adverby
should be, it seems unnecessary.
PR-URL: https://github.com/nodejs/node/pull/36830
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36313
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Fix two typographical errors ("This methods") and general minor edits
around the use of the word "method" in async_hooks.md.
PR-URL: https://github.com/nodejs/node/pull/36736
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
The http/headers.js benchmark fails if wrk or autocannon are not
installed. This is because the benchmark exceeds the default permissible
length for HTTP headers. Reduce the largest benchmarks to fit within the
8192 default as that is what we should be optimizing for.
Fixes: https://github.com/nodejs/node/issues/31022
PR-URL: https://github.com/nodejs/node/pull/36794
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Fixes: https://github.com/nodejs/node/issues/36787
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/36788
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Since 55e83cbe957de2c752521557ffd74d4496fa8b81
has changed the ordering of the close event, add a test case.
IncomingMessage will emit close before the response is sent in case the
server is consuming data from it.
Refs: https://github.com/nodejs/node/pull/33035#issuecomment-751489998
PR-URL: https://github.com/nodejs/node/pull/36645
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Edit for brevity and clarity. Use present tense where possible.
PR-URL: https://github.com/nodejs/node/pull/36738
Reviewed-By: Andrey Pechkurov <apechkurov@gmail.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Correct md5sum hash for the tarball version of the ICU 68.1 source.
The previously recorded md5sum hash was for the zip version.
PR-URL: https://github.com/nodejs/node/pull/36777
Fixes: https://github.com/nodejs/node/issues/36776
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
The docs on N-API say that NAPI_MODULE_INIT must
be used for the addon to be context-aware. That seems
to be wrong, i.e. all N-API addons are context-aware(?)
PR-URL: https://github.com/nodejs/node/pull/36640
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gabriel Schulhof <gabriel.schulhof@intel.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/36800
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Pooja D P <Pooja.D.P@ibm.com>
Remove all leftover usage of _stream_* and keep all of them as legacy.
We do not deprecate the old modules to avoid disrupition and ease
maintainance.
PR-URL: https://github.com/nodejs/node/pull/36684
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Newly added process.memoryUsage.rss() will presumably return 0 on IBMi
the same way process.memoryUsage().rss does. Allow IBMi to skip the new
assertion.
The test was using a mix of `assert()` and `assert.ok()`. This change
makes it consistently use `assert.ok()`.
PR-URL: https://github.com/nodejs/node/pull/36758
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Some general edits, but also adding an explanation of why one might
choose process.memoryUsage.rss() over process.memoryUsage().rss.
PR-URL: https://github.com/nodejs/node/pull/36757
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Use common.enoughTestMem to avoid "Array buffer allocation failed"
error on low memory devices.
Fixes: https://github.com/nodejs/node/issues/36792
PR-URL: https://github.com/nodejs/node/pull/36795
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Pooja D P <Pooja.D.P@ibm.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Now that we are using primordials in the first part of
isIdenticalTypedArrayType(), the defensive coding to get the correct
result (when Symbol.toStringTag is manipulated) is no longer reachable
or necessary. Remove the code.
Refs: https://coverage.nodejs.org/coverage-873d21cdc1266273/lib/internal/util/comparisons.js.html#L135
PR-URL: https://github.com/nodejs/node/pull/36744
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Notify #nodejs-dev on the OpenJS Foundation slack when someone
force-pushes, removing one manual step from force-pushing.
PR-URL: https://github.com/nodejs/node/pull/35131
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Calling `finished(socket, cb)` would previously not
invoked the callback if the socket was already detroyed.
PR-URL: https://github.com/nodejs/node/pull/36635
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Update ESLint to 7.17.0
PR-URL: https://github.com/nodejs/node/pull/36726
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Yash Ladha <yash@yashladha.in>
This macro needs to match between Node.js and addons that use C++
standard library types whose ABI differs (e.g. `std::string`).
Therefore, a value for this should be specified in `common.gypi`.
(Currently, the 32-bit ARM builds use this ABI, and other
platforms don’t. It might also be possible to set this value to `0`
instead, it’s only important that *a* value is specified.)
Refs: https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html
PR-URL: https://github.com/nodejs/node/pull/36634
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Notable changes:
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
PR-URL: https://github.com/nodejs-private/node-private/pull/240
Notable changes:
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
PR-URL: https://github.com/nodejs-private/node-private/pull/239
